Jan 14, 2020

Looks like another ASN1 parser vulnerability.

https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA...

Nope, even worse. They apparently didn't check the base point: https://news.ycombinator.com/item?id=22047573

Jan 14, 2020

None of these links describe how the exploit works.

I found this: https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA...

So based on my limited understanding:

1. The certificates have a place for defining curve parameters.

2. The attacker specifies their own parameters so that they match the start of a standard curve but choose the rest of the parameters themselves. With the right ECC math they are able to generate a valid signature for the certificate even though they don't own the private key corresponding to the original curve.

3. The old crypto API -didn't- check that certificates were signed from a fixed set of valid parameters. It would just check for sig validity allowing for spoofing of the cert.

Interesting stuff. So you might be able to cryptographically prove if there was ever any attacks in the wild from this at a given time (if we assume dates are checked at least)?

I wonder what happens at the Microsoft Security Response Center when a big vuln hits like this? Does it tie up all their resources just working on the one vuln?

Jan 14, 2020

Following a couple of twitter threads led me to this PDF: https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA...

(the tweet where I found it at https://mobile.twitter.com/NSAGov/status/1217152211056238593 has an image version of that PDF, in case you don't trust that domain)